Merge pull request #293 from Real-Dev-Squad/develop

Dev to main sync

Author: iamitprakash

.github/workflows/register-commands-production.yaml

@@ -25,6 +25,7 @@ jobs:
           RDS_SERVERLESS_PUBLIC_KEY: ${{secrets.RDS_SERVERLESS_PUBLIC_KEY}}
           CRON_JOBS_PUBLIC_KEY: ${{secrets.CRON_JOBS_PUBLIC_KEY}}
           IDENTITY_SERVICE_PUBLIC_KEY: ${{secrets.IDENTITY_SERVICE_PUBLIC_KEY}}
+          AWS_READ_ACCESS_GROUP_ID: ${{secrets.AWS_READ_ACCESS_GROUP_ID}}
 
   Register-Commands:
     needs: [Environment-Variables-Check]
@@ -41,6 +42,7 @@ jobs:
           DISCORD_TOKEN: ${{secrets.DISCORD_TOKEN}}
           DISCORD_APPLICATION_ID: ${{secrets.DISCORD_APPLICATION_ID}}
           DISCORD_GUILD_ID: ${{secrets.DISCORD_GUILD_ID}}
+          AWS_READ_ACCESS_GROUP_ID: ${{secrets.AWS_READ_ACCESS_GROUP_ID}}
   Deploy-to-Cloudflare:
     needs: [Register-Commands]
     runs-on: ubuntu-latest
@@ -61,6 +63,7 @@ jobs:
             RDS_SERVERLESS_PUBLIC_KEY
             CRON_JOBS_PUBLIC_KEY
             IDENTITY_SERVICE_PUBLIC_KEY
+            AWS_READ_ACCESS_GROUP_ID
         env:
           CURRENT_ENVIRONMENT: production
           CLOUDFLARE_API_TOKEN: ${{secrets.CLOUDFLARE_API_TOKEN}}
@@ -71,3 +74,4 @@ jobs:
           RDS_SERVERLESS_PUBLIC_KEY: ${{secrets.RDS_SERVERLESS_PUBLIC_KEY}}
           CRON_JOBS_PUBLIC_KEY: ${{secrets.CRON_JOBS_PUBLIC_KEY}}
           IDENTITY_SERVICE_PUBLIC_KEY: ${{secrets.IDENTITY_SERVICE_PUBLIC_KEY}}
+          AWS_READ_ACCESS_GROUP_ID: ${{secrets.AWS_READ_ACCESS_GROUP_ID}}

.github/workflows/register-commands-staging.yaml

@@ -25,6 +25,7 @@ jobs:
           RDS_SERVERLESS_PUBLIC_KEY: ${{secrets.RDS_SERVERLESS_PUBLIC_KEY}}
           CRON_JOBS_PUBLIC_KEY: ${{secrets.CRON_JOBS_PUBLIC_KEY}}
           IDENTITY_SERVICE_PUBLIC_KEY: ${{secrets.IDENTITY_SERVICE_PUBLIC_KEY}}
+          AWS_READ_ACCESS_GROUP_ID: ${{secrets.AWS_READ_ACCESS_GROUP_ID}}
 
   Register-Commands:
     needs: [Environment-Variables-Check]
@@ -41,6 +42,7 @@ jobs:
           DISCORD_TOKEN: ${{secrets.DISCORD_TOKEN}}
           DISCORD_APPLICATION_ID: ${{secrets.DISCORD_APPLICATION_ID}}
           DISCORD_GUILD_ID: ${{secrets.DISCORD_GUILD_ID}}
+          AWS_READ_ACCESS_GROUP_ID: ${{secrets.AWS_READ_ACCESS_GROUP_ID}}
   Deploy-to-Cloudflare:
     needs: [Register-Commands]
     runs-on: ubuntu-latest
@@ -61,6 +63,7 @@ jobs:
             RDS_SERVERLESS_PUBLIC_KEY
             CRON_JOBS_PUBLIC_KEY
             IDENTITY_SERVICE_PUBLIC_KEY
+            AWS_READ_ACCESS_GROUP_ID
         env:
           CURRENT_ENVIRONMENT: staging
           CLOUDFLARE_API_TOKEN: ${{secrets.CLOUDFLARE_API_TOKEN}}
@@ -71,3 +74,4 @@ jobs:
           RDS_SERVERLESS_PUBLIC_KEY: ${{secrets.RDS_SERVERLESS_PUBLIC_KEY}}
           CRON_JOBS_PUBLIC_KEY: ${{secrets.CRON_JOBS_PUBLIC_KEY}}
           IDENTITY_SERVICE_PUBLIC_KEY: ${{secrets.IDENTITY_SERVICE_PUBLIC_KEY}}
+          AWS_READ_ACCESS_GROUP_ID: ${{secrets.AWS_READ_ACCESS_GROUP_ID}}

config/config.ts

@@ -56,6 +56,9 @@ export function loadEnv(env: env, fromWorkerEnv: boolean): env {
     IDENTITY_SERVICE_PUBLIC_KEY: fromWorkerEnv
       ? env.IDENTITY_SERVICE_PUBLIC_KEY
       : process.env.IDENTITY_SERVICE_PUBLIC_KEY || "",
+    AWS_READ_ACCESS_GROUP_ID: fromWorkerEnv
+      ? env.AWS_READ_ACCESS_GROUP_ID
+      : process.env.AWS_READ_ACCESS_GROUP_ID || "",
   };
   return Env;
 }

src/constants/commands.ts

@@ -1,3 +1,7 @@
+import { config } from "dotenv";
+
+config();
+
 export const HELLO = {
   name: "hello",
   description: "Replies with hello in the channel",
@@ -27,6 +31,36 @@ export const GROUP_INVITE = {
     },
   ],
 };
+export const GRANT_AWS_ACCESS = {
+  name: "grant-aws-access",
+  description: "This command is to grant AWS access to the discord users.",
+  options: [
+    {
+      name: "user-name",
+      description: "User to be granted the AWS access",
+      type: 6, //user Id to be grant the access
+      required: true,
+    },
+    {
+      name: "aws-group-name",
+      description: "AWS group name",
+      type: 3,
+      required: true,
+      choices: [
+        {
+          name: "AWS read access",
+          value: process.env.AWS_READ_ACCESS_GROUP_ID,
+        },
+      ],
+    },
+    {
+      name: "dev",
+      description: "Feature flag",
+      type: 5,
+      required: true,
+    },
+  ],
+};
 
 export const MENTION_EACH = {
   name: "mention-each",

src/constants/responses.ts

@@ -82,3 +82,4 @@ export const INVALID_TOKEN_FORMAT =
 export const AUTHENTICATION_ERROR = "Invalid Authentication token";
 export const TASK_UPDATE_SENT_MESSAGE =
   "Task update sent on Discord's tracking-updates channel.";
+export const NOT_IMPLEMENTED = "Feature not implemented";

src/constants/urls.ts

@@ -3,6 +3,7 @@ export const RDS_BASE_STAGING_API_URL = "https://staging-api.realdevsquad.com";
 export const RDS_BASE_DEVELOPMENT_API_URL = "http://localhost:3000"; // If needed, modify the URL to your local API server run through ngrok
 
 export const DISCORD_BASE_URL = "https://discord.com/api/v10";
+export const AWS_IAM_SIGNIN_URL = "https://realdevsquad.awsapps.com/start#/";
 export const DISCORD_AVATAR_BASE_URL = "https://cdn.discordapp.com/avatars";
 
 export const VERIFICATION_SITE_URL = "https://my.realdevsquad.com";

src/controllers/baseHandler.ts

@@ -29,6 +29,7 @@ import {
   USER,
   REMOVE,
   GROUP_INVITE,
+  GRANT_AWS_ACCESS,
 } from "../constants/commands";
 import { updateNickName } from "../utils/updateNickname";
 import { discordEphemeralResponse } from "../utils/discordEphemeralResponse";
@@ -44,6 +45,7 @@ import {
 import { DevFlag } from "../typeDefinitions/filterUsersByRole";
 import { kickEachUser } from "./kickEachUser";
 import { groupInvite } from "./groupInvite";
+import { grantAWSAccessCommand } from "./grantAWSAccessCommand";
 
 export async function baseHandler(
   message: discordMessageRequest,
@@ -82,6 +84,19 @@ export async function baseHandler(
       return await mentionEachUser(transformedArgument, env, ctx);
     }
 
+    case getCommandName(GRANT_AWS_ACCESS): {
+      const data = message.data?.options as Array<messageRequestDataOptions>;
+      const transformedArgument = {
+        member: message.member,
+        userDetails: data[0],
+        awsGroupDetails: data[1],
+        channelId: message.channel_id,
+        dev: data.find((item) => item.name === "dev") as unknown as DevFlag,
+      };
+
+      return await grantAWSAccessCommand(transformedArgument, env, ctx);
+    }
+
     case getCommandName(REMOVE): {
       const data = message.data?.options as Array<messageRequestDataOptions>;
       const transformedArgument = {

src/controllers/deleteGuildRoleHandler.ts

@@ -0,0 +1,44 @@
+import { IRequest } from "itty-router";
+import JSONResponse from "../utils/JsonResponse";
+import { env } from "../typeDefinitions/default.types";
+import * as response from "../constants/responses";
+import { verifyNodejsBackendAuthToken } from "../utils/verifyAuthToken";
+import { deleteGuildRole } from "../utils/deleteGuildRole";
+
+export async function deleteGuildRoleHandler(request: IRequest, env: env) {
+  const authHeader = request.headers.get("Authorization");
+  const reason = request.headers.get("X-Audit-Log-Reason");
+  const roleId = decodeURI(request.params?.roleId ?? "");
+  const { dev } = request.query;
+  const devFlag = dev === "true";
+
+  if (!authHeader) {
+    return new JSONResponse(response.BAD_SIGNATURE, { status: 401 });
+  }
+
+  if (!devFlag) {
+    return new JSONResponse(response.NOT_IMPLEMENTED, { status: 501 });
+  }
+
+  if (!roleId) {
+    return new JSONResponse(response.BAD_REQUEST, { status: 400 });
+  }
+
+  try {
+    await verifyNodejsBackendAuthToken(authHeader, env);
+    const result = await deleteGuildRole(env, roleId, reason);
+
+    if (result === response.ROLE_REMOVED) {
+      return new Response(null, { status: 204 });
+    } else {
+      return new JSONResponse(response.INTERNAL_SERVER_ERROR, {
+        status: 500,
+      });
+    }
+  } catch (err) {
+    console.error("An error occurred while deleting discord role:", err);
+    return new JSONResponse(response.INTERNAL_SERVER_ERROR, {
+      status: 500,
+    });
+  }
+}

src/controllers/grantAWSAccessCommand.ts

@@ -0,0 +1,38 @@
+import { discordTextResponse } from "../utils/discordResponse";
+import { SUPER_USER_ONE, SUPER_USER_TWO } from "../constants/variables";
+import { env } from "../typeDefinitions/default.types";
+import {
+  messageRequestMember,
+  messageRequestDataOptions,
+} from "../typeDefinitions/discordMessage.types";
+import { grantAWSAccess } from "../utils/awsAccess";
+import { DevFlag } from "../typeDefinitions/filterUsersByRole";
+
+export async function grantAWSAccessCommand(
+  transformedArgument: {
+    member: messageRequestMember;
+    userDetails: messageRequestDataOptions;
+    awsGroupDetails: messageRequestDataOptions;
+    channelId: number;
+    dev?: DevFlag;
+  },
+  env: env,
+  ctx: ExecutionContext
+) {
+  const dev = transformedArgument?.dev?.value || false;
+  if (!dev) {
+    return discordTextResponse("Please enable feature flag to make this work");
+  }
+  const isUserSuperUser = [SUPER_USER_ONE, SUPER_USER_TWO].includes(
+    transformedArgument.member.user.id.toString()
+  );
+  if (!isUserSuperUser) {
+    const responseText = `You're not authorized to make this request.`;
+    return discordTextResponse(responseText);
+  }
+  const roleId = transformedArgument.userDetails.value;
+  const groupId = transformedArgument.awsGroupDetails.value;
+  const channelId = transformedArgument.channelId;
+
+  return grantAWSAccess(roleId, groupId, env, ctx, channelId);
+}

src/index.ts

@@ -23,6 +23,7 @@ import { sendProfileBlockedMessage } from "./controllers/profileHandler";
 import { sendTaskUpdatesHandler } from "./controllers/taskUpdatesHandler";
 
 import config, { loadEnv } from "./../config/config";
+import { deleteGuildRoleHandler } from "./controllers/deleteGuildRoleHandler";
 
 const router = Router();
 
@@ -34,6 +35,8 @@ router.get("/", async () => {
 
 router.patch("/guild/member", changeNickname);
 
+router.delete("/roles/:roleId", deleteGuildRoleHandler);
+
 router.put("/roles/create", createGuildRoleHandler);
 
 router.put("/roles/add", addGroupRoleHandler);